9.8
CVE-2024-41702 - SiberianCMS – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Inje…
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
5.3
CVE-2024-41701 - AccuPOS – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
7.5
CVE-2024-41696 - Priority PRI WEB Portal Add-On for Priority ERP on prem – CWE-200: Exposure of Sensitive Informatio…
Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
7.5
CVE-2024-41695 - Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory
Cybonet - CWE-22: Improper Limitation of a Pathname to a Restricted Directory
5.3
CVE-2024-41694 - Cybonet – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Cybonet - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
6.9
CVE-2024-7226 - SourceCodester Medicine Tracker System Password Change cross-site request forgery
A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save_user of the component Password Change Handler. The manipulation leads to cross-site request forgery. The attack…
5.5
CVE-2024-38432 - Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File
5.3
CVE-2024-38431 - Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy
Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy
5.4
CVE-2024-38430 - Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting…
Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
7.2
CVE-2024-41924 -
An acceptance of extraneous untrusted data with trusted data vulnerability exists in the EC-CUBE 4 series. If this vulnerability is exploited, an attacker who has obtained administrative privileges may install an arbitrary PHP package. If obsolete versions of PHP packages are installed, the product may…